Vantage Velocity Firmware

vantage_velocity_firmware

Vendor: Iteris • 4 CVEs

CVEs (4)

Vendors (1): Iteris
Products (1): Vantage Velocity Firmware
Updated: Nov 21, 2024
Published: Feb 17, 2020
CVSS: N/A (v4); 6.1 MEDIUM (v3); 4.3 MEDIUM (v2)
Iteris Vantage Velocity Field Unit 2.4.2 devices have multiple stored XSS issues in all parameters of the Start Data Viewer feature of the /cgi-bin/loaddata.py script.

Vendors (1): Iteris
Products (1): Vantage Velocity Firmware
Updated: Nov 21, 2024
Published: Feb 17, 2020
CVSS: N/A (v4); 9.8 CRITICAL (v3); 10.0 HIGH (v2)
Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have world-writable permissions for the /root/cleardata.pl (executed as root by crond) and /root/loadperl.sh (executed as root at boot time) scripts.

Vendors (1): Iteris
Products (1): Vantage Velocity Firmware
Updated: Nov 21, 2024
Published: Feb 17, 2020
CVSS: N/A (v4); 9.8 CRITICAL (v3); 7.5 HIGH (v2)
Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have two users that are not documented and are configured with weak passwords (User bluetooth, password bluetooth; User eclipse, password eclipse). Also, bluetooth is the root password.

Vendors (1): Iteris
Products (1): Vantage Velocity Firmware
Updated: Nov 21, 2024
Published: Feb 17, 2020
CVSS: N/A (v4); 9.8 CRITICAL (v3); 10.0 HIGH (v2)
Iteris Vantage Velocity Field Unit 2.3.1, 2.4.2, and 3.0 devices allow the injection of OS commands into cgi-bin/timeconfig.py via shell metacharacters in the NTP Server field.